pain

2026-05-11 18:19:58 +03:00 · 2026-05-11 18:19:58 +03:00 · cb6af5e7c4
commit cb6af5e7c4
parent 5acdaed42a
16 changed files with 288 additions and 29 deletions
--- a/modules/servers/per-host/overlord/default.nix
+++ b/modules/servers/per-host/overlord/default.nix
@ -0,0 +1,9 @@
+{...}: {
+  imports = [
+    ./nixarr.nix
+    ./share.nix
+    ./tunnel.nix
+    ./pz.nix
+    ./slopfarms.nix
+  ];
+}
--- a/modules/servers/per-host/overlord/pz.nix
+++ b/modules/servers/per-host/overlord/pz.nix
@ -0,0 +1,33 @@
+{pkgs, ...}: {
+  environment.systemPackages = with pkgs; [
+    steamcmd
+    jdk17
+    steam-run
+  ];
+
+  networking.firewall = {
+    allowedTCPPorts = [
+      16261
+      16262
+    ];
+
+    allowedUDPPorts = [
+      16261
+      16262
+    ];
+  };
+
+  users.users.pzserver = {
+    isSystemUser = true;
+    group = "pzserver";
+    home = "/srv/pzserver-home";
+    createHome = true;
+  };
+
+  users.groups.pzserver = {};
+
+  systemd.tmpfiles.rules = [
+    "d /srv/pzserver 0755 pzserver pzserver -"
+    "d /srv/pzserver-home 0755 pzserver pzserver -"
+  ];
+}
--- a/modules/servers/per-host/overlord/share.nix
+++ b/modules/servers/per-host/overlord/share.nix
@ -24,7 +24,7 @@
  services.samba = {
    enable = true;

-    shares.share = {
+    settings.share = {
      path = "/mnt/2tbhdd/nfs";
      browseable = "yes";
      writable = "yes";
--- a/modules/servers/per-host/overlord/slopfarms.nix
+++ b/modules/servers/per-host/overlord/slopfarms.nix
@ -0,0 +1,92 @@
+{
+  pkgs,
+  lib,
+  ...
+}: {
+  services.n8n = {
+    enable = true;
+    openFirewall = true;
+
+    environment = {
+      host = "0.0.0.0";
+      port = 5678;
+      protocol = "http";
+    };
+
+    environment = {
+      N8N_SECURE_COOKIE = "false";
+
+      N8N_EXECUTE_COMMAND_ENABLED = "true";
+      N8N_ENABLE_EXECUTE_COMMAND = "true";
+      NODES_EXCLUDE = "[]";
+      N8N_NODES_INCLUDE = "n8n-nodes-base.executeCommand";
+
+      N8N_BINARY_DATA_STORAGE_PATH = "/srv/slopfarm";
+    };
+  };
+
+  systemd.services.n8n.serviceConfig = {
+    ReadWritePaths = ["/srv/slopfarm"];
+
+    SupplementaryGroups = ["video" "render"];
+
+    PrivateDevices = lib.mkForce false;
+    DevicePolicy = lib.mkForce "auto";
+    DeviceAllow = [
+      "/dev/nvidiactl rw"
+      "/dev/nvidia0 rw"
+      "/dev/nvidia-uvm rw"
+      "/dev/nvidia-uvm-tools rw"
+      "/dev/nvidia-modeset rw"
+    ];
+  };
+
+  environment.systemPackages = with pkgs; [
+    ffmpeg
+    piper-tts
+    git
+    yt-dlp
+    cudaPackages.cudatoolkit
+
+    (python3.withPackages (ps:
+      with ps; [
+        requests
+        aiohttp
+        praw
+
+        torch
+        torchvision
+        transformers
+        accelerate
+        sentencepiece
+        safetensors
+
+        soundfile
+        librosa
+        pydub
+        scipy
+
+        pillow
+        moviepy
+        imageio
+        imageio-ffmpeg
+        opencv4
+
+        numpy
+        tqdm
+        regex
+        python-dotenv
+        pysrt
+        flask
+      ]))
+  ];
+
+  systemd.tmpfiles.rules = [
+    "d /srv/slopfarm 0755 n8n n8n -"
+    "d /srv/slopfarm/input 0755 n8n n8n -"
+    "d /srv/slopfarm/output 0755 n8n n8n -"
+    "d /srv/slopfarm/scripts 0755 n8n n8n -"
+    "d /srv/slopfarm/backgrounds 0755 n8n n8n -"
+    "d /srv/slopfarm/voices 0755 n8n n8n -"
+  ];
+}
--- a/modules/servers/per-host/overlord/tunnel.nix
+++ b/modules/servers/per-host/overlord/tunnel.nix
@ -0,0 +1,107 @@
+{
+  config,
+  pkgs,
+  ...
+}: let
+  kittykatHost = "49.13.170.223";
+  sshKeyPath = "/root/.ssh/id_rsa";
+
+  overlordTunIp = "10.0.0.1";
+  kittykatTunIp = "10.0.0.2";
+
+  zomboidUdpPorts = [
+    16261
+    16262
+    16263
+    16264
+    16265
+    16266
+    16267
+    16268
+    16269
+    16270
+    16271
+    16272
+    52015
+  ];
+in {
+  boot.kernelModules = ["tun"];
+
+  networking.interfaces.tun0 = {
+    virtual = true;
+    virtualType = "tun";
+    ipv4.addresses = [
+      {
+        address = overlordTunIp;
+        prefixLength = 30;
+      }
+    ];
+  };
+
+  networking.firewall = {
+    enable = true;
+    interfaces.tun0.allowedUDPPorts = zomboidUdpPorts;
+  };
+
+  systemd.services.ssh-tun-kittykat = {
+    description = "Persistent SSH TUN tunnel to kittykat";
+
+    after = [
+      "network-online.target"
+      "systemd-networkd-wait-online.service"
+      "NetworkManager-wait-online.service"
+      "systemd-modules-load.service"
+      "network-addresses-tun0.service"
+    ];
+
+    wants = ["network-online.target"];
+    wantedBy = ["multi-user.target"];
+
+    path = [
+      pkgs.openssh
+      pkgs.iproute2
+      pkgs.coreutils
+      pkgs.kmod
+      pkgs.bash
+    ];
+
+    serviceConfig = {
+      Type = "simple";
+      User = "root";
+      Restart = "always";
+      RestartSec = "5s";
+      StartLimitIntervalSec = 0;
+    };
+
+    preStart = ''
+      modprobe tun || true
+
+      ip addr replace ${overlordTunIp}/30 dev tun0 || true
+      ip link set dev tun0 up || true
+
+      for i in $(seq 1 60); do
+        if ip route get ${kittykatHost} >/dev/null 2>&1; then
+          exit 0
+        fi
+        sleep 2
+      done
+
+      echo "No route to ${kittykatHost} after waiting."
+      exit 1
+    '';
+
+    script = ''
+      exec ssh \
+        -i ${sshKeyPath} \
+        -o BatchMode=yes \
+        -o StrictHostKeyChecking=accept-new \
+        -o ServerAliveInterval=15 \
+        -o ServerAliveCountMax=3 \
+        -o ExitOnForwardFailure=yes \
+        -o Tunnel=point-to-point \
+        -w 0:0 \
+        root@${kittykatHost} \
+        "ip addr replace ${kittykatTunIp}/30 dev tun0 && ip link set dev tun0 up && exec sleep infinity"
+    '';
+  };
+}